Bug 1314801 Part 2: Enable MITIGATION_IMAGE_LOAD_NO_LOW_LABEL and MITIGATION_IMAGE_LOAD_NO_REMOTE on Windows content sandbox. r=jimm
authorBob Owen <bobowencode@gmail.com>
Wed, 13 Sep 2017 11:19:41 +0100
changeset 430161 ac48944bf3c6f274037225a92d230f996a309963
parent 430160 aaf411b9d99f48e25811b131c59c557ce9077d60
child 430162 827df1e72041aab9e8b25194ee6fe82f187cb26e
push id7761
push userjlund@mozilla.com
push dateFri, 15 Sep 2017 00:19:52 +0000
reviewersjimm
bugs1314801
milestone57.0a1
Bug 1314801 Part 2: Enable MITIGATION_IMAGE_LOAD_NO_LOW_LABEL and MITIGATION_IMAGE_LOAD_NO_REMOTE on Windows content sandbox. r=jimm
security/sandbox/win/src/sandboxbroker/sandboxBroker.cpp
--- a/security/sandbox/win/src/sandboxbroker/sandboxBroker.cpp
+++ b/security/sandbox/win/src/sandboxbroker/sandboxBroker.cpp
@@ -414,30 +414,38 @@ SandboxBroker::SetSecurityLevelForConten
 
   result = mPolicy->SetIntegrityLevel(initialIntegrityLevel);
   MOZ_RELEASE_ASSERT(sandbox::SBOX_ALL_OK == result,
                      "SetIntegrityLevel should never fail, what happened?");
   result = mPolicy->SetDelayedIntegrityLevel(delayedIntegrityLevel);
   MOZ_RELEASE_ASSERT(sandbox::SBOX_ALL_OK == result,
                      "SetDelayedIntegrityLevel should never fail, what happened?");
 
-  if (aSandboxLevel > 3) {
-    result = mPolicy->SetAlternateDesktop(false);
-    MOZ_RELEASE_ASSERT(sandbox::SBOX_ALL_OK == result,
-                       "Failed to create alternate desktop for sandbox.");
-  }
-
   sandbox::MitigationFlags mitigations =
     sandbox::MITIGATION_BOTTOM_UP_ASLR |
     sandbox::MITIGATION_HEAP_TERMINATE |
     sandbox::MITIGATION_SEHOP |
     sandbox::MITIGATION_DEP_NO_ATL_THUNK |
     sandbox::MITIGATION_DEP |
     sandbox::MITIGATION_EXTENSION_POINT_DISABLE;
 
+  if (aSandboxLevel > 3) {
+    result = mPolicy->SetAlternateDesktop(false);
+    MOZ_RELEASE_ASSERT(sandbox::SBOX_ALL_OK == result,
+                       "Failed to create alternate desktop for sandbox.");
+
+    mitigations |= sandbox::MITIGATION_IMAGE_LOAD_NO_LOW_LABEL;
+    // If we're running from a network drive then we can't block loading from
+    // remote locations.
+    if (!sRunningFromNetworkDrive) {
+      mitigations |= sandbox::MITIGATION_IMAGE_LOAD_NO_REMOTE;
+    }
+  }
+
+
   result = mPolicy->SetProcessMitigations(mitigations);
   MOZ_RELEASE_ASSERT(sandbox::SBOX_ALL_OK == result,
                      "Invalid flags for SetProcessMitigations.");
 
   mitigations =
     sandbox::MITIGATION_STRICT_HANDLE_CHECKS |
     sandbox::MITIGATION_DLL_SEARCH_ORDER;